[OpenAFS] libpam-krb5, NAT and tokens.
Balazs GAL
balsa@rit.bme.hu
08 Apr 2003 20:11:02 +0200
On Tue, 2003-04-08, Daniel Swärd wrote:
> I've been trying to get a working login to my server from behind a
> NAT-firewall, but I can't get any tokens with libpam-krb5.
>
> If I use "kinit -A user", then there's no problem getting tickets with
> aklog. But how do I tell the PAM-module to exclude the addresses when it
> tries to get a ticket?
Use my enhanced version of RedHat's (Nalin Dahyabhai) pam_krb5/pam_krb5afs
http://pam-krb5.sourceforge.net/
and use the following options:
/etc/krb5.conf:

    [appdefaults]
        pam = {
            hosts = your.masq.ip.address
            # like 12.34.56.78
            # or
            addressless = true
            # like kinit -A
        }
It can convert the krb5 tickets to afs tokens. etc etc
balsa